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Question: 1 


Which virtual machine does VMware recommend be manually excluded from the Distributed 
Firewall? 


A. NSX Manager 

B. Microsoft SQL Server 

C. vRealize Automation Appliance 
D. vCenter Server 


Answer: D 


Question: 2 


What is one of the benefits of using logical switches in an NSX environment? 


A. Quality of Service parameters are automatically configured in a logical switch. 

B. The physical infrastructure is responsible for maintaining the logical switch broadcast tables. 
C. The physical infrastructure is not constrained by MAC/FIB table limits. 

D. IP subnet definitions can be migrated into logical switches using the NSX Manager. 


Answer: C 


Question: 3 


A group of users needs secured access to a set of web-based applications in a SDDC. 
Which VPN option is best suited for this? 


A. IPSec VPN 

B. SSL VPN-Plus 

C. L2VPN 

D. Application VPN 


Answer: B 


Question: 4 


What are two things that should be done before upgrading from vCloud Networking and Security to 
NSX? (Choose two.) 


A. Power off vShield Manager 
B. Deploy NSX Manager virtual appliance 
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C. Uninstall vShield Data Security 
D. Ensure that forward and reverse DNS is functional 


Answer: C,D 


Question: 5 


Which three methods can be used by the NSX Distributed Firewall to discover IP addresses? (Choose 
three.) 


A. DHCP Snooping 

B. IP Sets 

C. Spoofguard configured for Trust on First Use. 

D. VMware Tools installed on every guest virtual machine. 
E. ARP Snooping 


Answer: A,D,E 


Question: 6 


Which two network services are abstracted from the underlying hardware by NSX? (Choose two.) 


A. Virtual Private Networks. 

B. Multiprotocol Label Switching. 

C. Load Balancing. 

D. Overlay Transport Virtualizations. 


Answer: A,C 


Question: 7 


When specifying a source for a security rule, what is the purpose of the Negate Source check box? 
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A. If Negate Source is selected, the rule is sent to only the objects identified under object type. 

B. If Negate Source is selected, the rule is applied to traffic coming from all sources except for the 
source identified under the object type. 

C. If Negate Source is not selected, the rule is applied to traffic coming from all sources except for the 
source identified under the object type. 

D. if Negate Source is not selected, the rule is sent to only the objects identified under the object 


type. 


Answer: B 


Question: 8 


What are two requirements of the network infrastructure to virtualize the access layer? (Choose 
two.) 


A. IPv4 connectivity among ESXi hosts provided by a spine-leaf network design. 

B. IPv4 connectivity among ESXi hosts. 

C. Increased MTU if the virtual machines are using the default MTU size of 1500. 

D. A Redundant, Layer 3, Top-of-Rack network design to provide high availability to ESX hosts. 


Answer: B,C 


Question: 9 


Which vSphere network object abstracts the physical network, provides access-level switching in the 
hypervisor and enables support for overlay networking? 


A. Standard Switch 
B. Distributed Port Group 
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C. Distributed Switch 
D. Logical Switch 


Answer: C 


Question: 10 


A network administrator has been tasked with deploying a 3-tier application across two data centers. 
Tier-1 and tier-2 will be located in Datacenter-A and tier-3 will be located in Datacenter-B. 
Which NSX components are needed to make this deployment functional? 


A. A universal transport zone deployed with a universal distributed logical router (UDLR), a universal 
logical switch and two local logical switches connected to the UDLR. 

B. A universal transport zone deployed with a universal distributed logical router (UDLR), two 
universal logical switches and a single logical switch connected to the UDLR. 

C. A universal transport zone deployed with a universal distributed logical router (UDLR) and three 
universal logical switches connected to the UDLR. 

D. A universal transport zone, a universal distributed logical router (UDLR) and three local switches in 
each data center connected to the UDLR. 


Answer: C 


Question: 11 


You have deployed an Edge Services Gateway with the following interface configuration: 
Configure interfaces of this NSX Edge. 
S R © Actions 


vNIC# 14 Name | IP Address Subnet Pretix Length Connected To 


SNA 


1 Transit-Network 192.163.5.1" 29 Transit- Network-O1 


Your customer has requested that you provide the ability to use Remote Desktop Protocol to log into 
a virtual machine that has a tenant IP address of 192.168.7.21 using the provider IP address 
192.168.100.4. You have performed the following configuration however, you cannot RDP into the 
virtual machine. 
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What configuration change do you need to make to allow this connection? 


A. Change Applied On to “Uplink”. 

B. Change the Protocol to “any”. 

C. Change the Translated Port/Range to “rdp”. 

D. Swap the Original IP/Range and Translated IP/Range IP Addresses. 


Answer: A 
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